SISTEMA

Cyber Security

Information Security


What makes Sistema Technologies unique is the company’s hands-on experience in application development, combined with our background in secure development and information security. Sistema Technologies performs application and network vulnerability assessments and penetration tests to evaluate their respective exploitability, makes recommendations and provides services to strengthen the security posture of the application(s) and networks on which they reside. Our assessments help agencies enhance the security posture of their application portfolio and operating environments to protect confidentiality, integrity, and availability of the systems, data, and services.

A particular strength of Sistema’s Cyber Security offering is adaptability to a wide variety of technology stacks, providing effective penetration testing on multiple types of systems and programming languages.

Sistema has cybersecurity services and staff augmentation to align with your overall security program and strategic imperatives. Offerings include:

Web Application Assessments

  1. Comprehensive scanning and testing
  2. Threat modeling
  3. Manual testing
  4. Customized reporting
  5. Post-remediation validation

Staff Augmentation / Security Consulting

  1. Tooling configuration
  2. Information Security consulting & compliance
  3. Cybersecurity staff-augmentation
  4. Continuous monitoring/scanning
  5. Remediation follow-up consultation

Network Security Assessments

  1. External/Internal network assessment
  2. Network footprinting & fingerprinting
  3. Automated-tool vulnerability assessment
  4. Manual validation of automated scans
  5. Targeted manual penetration testing

Physical Network Perimeter Assessment

  1. Guest wireless and Wi-Fi access points
  2. Perimeter reconnaissance, Building access
  3. Physical security, external video surveillance
  4. Social engineering assessments

The rapidly changing landscape of Information Technology today is a highly volatile place. Malicious black hat hackers, economically motivated or otherwise, pose a real and potent threat to the interests and continued success of businesses across the world. As new and emerging technologies and tools come to light, it becomes more plausible that a single bad actor could leverage the same tools and tactics used by government institutions. In response, businesses are pressured to adapt and improve their security posture, perhaps without the necessary resources and expertise needed to protect against cyber-attacks. A quick and decisive response is needed to best protect their assets and sensitive data while maintaining productivity and meeting customer expectations.

Sistema Technologies has a hands-on approach and experience in comprehensive web penetration testing, combined with our background in secure development and information security. Sistema Technologies performs application and network assessments to evaluate their respective exploitability, makes recommendations and provides services to strengthen the security posture of the application(s) and networks on which they reside. Our assessments help agencies enhance the security posture of their application portfolio and operating environments to protect confidentiality, integrity, and availability of the systems, data, and services. A particular strength of Sistema’s cyber security offering is adaptability to a wide variety of technology stacks, providing effective penetration testing on multiple types of systems and programming languages.

Assessments:

Web Application Assessments

The web application methodology involves thorough testing of the web application core defenses including authentication, access control (authorization), and session management.  Additionally, the web application penetration test methodology involves business logic testing, client-side testing, weak cryptography testing, and a large amount of input validation testing.

  • In-depth web application penetration testing, white-box and black-box engagements
  • Our consultants provide an independent comprehensive review, analysis, and testing, to investigate for at-risk entry points or inadvertent actions an unauthorized user might take to compromise a system.
  • Threat modeling: the consultant navigates through the entire target web application and maps out all the potential attack surface.
  • Baseline Scanning with various tools
    • Static Code Analysis
    • Vulnerability Scan for libraries
    • Dynamic Application Security Testing
  • Logical review: identifies business logic and system behavior and sets up manual security test cases.
  • Manual review based on OWASP Top 10: manual investigation of threats identified during baseline scanning, in which testers examine risk using interactive and manual analysis. Skilled penetration testing discovery covers risks unique to the application’s architecture, functional security, and unique features to see if a full exploit of the behavior exists.
  • Custom reports: custom reports include each positive finding, with detailed steps, code samples, and screenshots. The threat vector of each vulnerability is rated using DREAD (Damage + Reproducibility + Exploitability + Affected Users + Discoverability), or the STRIDE model is used to classify threats (Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of service and Elevation of privileges).
  • Post-remediation testing: validate previously reported findings have been remediated.

Network Security Assessments:

Internal and External network assessment

  • Network footprinting and fingerprinting to gather information about the network architecture
  • Vulnerability assessment with automated tools to determine if there are any known vulnerabilities that could be exploited to gain access to a target host on the network
  • Manual validation of key vulnerabilities discovered in automated scans
  • Targeted manual penetration testing of selected external live hosts (no more than 5 IP addresses per location)

Physical network perimeter assessment

  • Guest wireless and Wi-Fi access points
  • Perimeter reconnaissance, including building access, physical security, external video cameras
  • Social engineering assessments

Staff augmentation or security consulting services.

  • Services such as tooling configurations, security consulting with applications or network teams, remediation consulting, and cybersecurity staff augmentation
  • Continuous monitoring and scanning
  • Consultation on remediation actions, or details about the impact of the findings

Secure Software Development

Sistema Technologies builds and integrates secure enterprise software applications where security and trust are requirements.

Offerings include:

  • Application and network penetration tests
  • Legacy System Migration/Transformation
  • Secure development/ .NET and Java
  • Enterprise Web Applications
  • Service Oriented Architecture
  • Portal Integration
  • Web Services
  • Secure development oversight
  • Trusted Quality Assurance
  • Application Remediation
  • Load & Performance Testing

Information Security

Sistema Technologies provides information security services based on the NIST 800-53 Risk Management framework and Compliance.

Offerings include:

  • Cyber security staff augmentation
  • Security Maturity Assessments
  • Network Vulnerability Assessments
  • Application and Network Penetration Testing (Internal and External)
  • Security Policy and Procedure Development and Review
  • Compliance Readiness Assessments (PII, PCI, NIST, FISMA, HIPAA, TAC, etc.)
  • Security Remediation Planning and Execution

Application Security

Sistema Technologies’ security consultants are trained and experienced developers with knowledge of the software development lifecycle and secure development strategies to develop, assess, and remediate application source code.

Offerings include:

  • Web Application Assessments & Penetration Testing
  • Mobile Application Penetration Testing
  • Thick-Client/Compiled Executable Code Penetration Testing
  • Cloud-based Application Penetration Testing
  • Secure Code Reviews
  • Comprehensive Static Source Code Analysis
  • Threat Modeling
  • 3rd Party Product Reviews
  • Remediation consulting services
  • Vulnerability Management
  • Secure Architecture/Design
  • Secure SDLC Consulting
